Background technology
The application of campus card and stored value card is more and more universal, and general stored value card uses the standard and the agreement of ISO14443 less radio-frequency.Radio frequency is nothing but the communication interface between radio-frequency card and the card-reading terminal.In the application scheme of the stored value card of campus card, core problem is to adopt symmetric cryptography to block the mutual authentication with card-reading terminal, i.e. three authentications of symmetric cryptography.The purpose of authentication is that the authentication both sides confirm to have identical key, if after key was identical or authentication passes through, the key that just can use these both sides to have carried out secret communication.
If in following narration, do not specialize, we are with term " wallet " expression " stored value card ".Promptly two speech are general.Also be like this on claims.
The implementation of the stored value card of at present general campus card is that according to the global unique ID number of different cards, card sending mechanism selects cryptographic hash function HX and HZ as depreciation (consumption) function of the stored value card of card sending mechanism and the increment function of stored value card.In new CPU card, generally select DES (or 3DES) as HX and HZ, still need depreciation (consumption) key SX and increment key SZ to become cryptographic hash function HX and HZ to DES certainly.
For example, card sending mechanism at first reads the ID of card to the card of a new issue, calculates DES thenSX(ID), calculate DES as depreciation (consumption) keySZ(ID) as the increment key.When consumption was used, card reader read ID number of card, and identical function calculation goes out DES during then with hair fastenerSX(ID), and with the card in the storage depreciation (consumption) key carry out the symmetric cryptography authentication, identical this card that shows is that card sending mechanism is issued.Behind the cipher authentication, can carry out the payment of stored value card, the Stored Value in the corresponding then minimizing stored value card.When supplementing with money, card reader reads ID number of card, and identical function calculation goes out DES when using with hair fastener thenSZ(ID), and with the card in the stored value added key carry out the symmetric cryptography authentication, identical this card that shows is that card sending mechanism is issued.Behind the cipher authentication, can increase the Stored Value in the stored value card.Every card like this, because the difference of card number (ID), key is also different.Be exactly that the card that is called in the industry is one close.
From above explanation, can find out that to cryptographic hash function HX and the secret of HZ (or key SX and SZ) be the key of security of system.Cracking of Mifare encryption function makes everybody to the protection that encryption system only relies on key more deep understanding arranged.But in the above in the application process of stored value card; Can find out that depreciation (consumption) key must appear at (or on the PSAM card at terminal) in the consumption terminal; But this key lose the collapse that can not cause electronic purse system; Reason is to know withholing of can only blocking of consumption key, the user is obtained commodity just can withhold accordingly with service.Can not take place not provide commodity or service just to carry out the operation that the user withholds, stick into capable button value, can not obtain real fund and come to light from card sending mechanism if use new ID to forge simultaneously; Issuing card ID forges if use, will can find illegally to obtain the terminal of transaction record through transaction record, and this is followed the trail of equally easily finds that the fake producer can not get interests economically.Blacklist also is to prevent to duplicate fully the effective means that card is attacked.
But increment key HZ (ID) loses, the leakage of the function HZ that particularly rises in value, and with causing serious safety problem, this makes after obtaining commodity and serving, not have real payment funding by the amount of money that can forge stored value card.Though can adopt the method for blacklist to stop the continuation of forging card to be used, forge the behavior of card and can constantly carry out, will cause the contradiction of businessman and card sending mechanism.The method that solves can only be that real-time online is paid, and this gives the benefit of topmost quick use of stored value card and off line use discarded again.Also having one doesMethod is to adopt other AES and key that the data such as the amount of money in the stored value card are encrypted.Take precautions against and obtainThe assailant of card readwrite key revises or generates the amount of money in the card.Auxiliary again blacklist means, very limitsGuarantee the safety of stored value card.
In fact, in the use of stored value card, there are two kinds of different businessmans: credit businessman and non-credit businessman.Such as, this public public institution of public transport MTR is exactly credit payee (a credit businessman).The characteristics of these units are can not make a profit by unit forgery card basically, and the employee forges card again less than corresponding interests.And common businessman in particularly a large amount of little businessmans, possibly have the lawless person who forges card and attacking system.So although Mifare is cracked, we can see that the public transit system of the stored value card of a large amount of use Mifare does not have big safety problem; If but after a cash receiving terminal identical with the public transport cash collecting system is issued to a large amount of medium and small businessmans, possibly just there is businessman to take cashing machine among the crowd to, utilize " wireless " characteristic of Mifare card illegally to collect money.For this reason, Hong Kong has just produced so-called " cutting ferrule ", and its function is exactly the method with electromagnetic screen, puts into stored value card wherein, prevents that illegal businessman from using the fund of cashing machine near the theft stored value card.This method obviously influences promoting the use of of radio-frequency card stored value card.In fact, the public transport gathering requires to pass through fast, and businessman's gathering is just so not strong to requiring fast.Can require the input PIN code in use as present bank card fully.The security of guaranteeing payment with PIN code.
Like this, the use of stored value card just is divided into two kinds of situation: credit payment, and for example public transport is swiped the card does not need PIN code; Non-credit payment, for example businessman swipes the card needs PIN code.With regard to how producing the problem that on existing credit payment does not have the electronic purse card of PIN code, realizes PIN code, promptly needing and on the public transport terminal, to use no PIN code to swipe the card fast like this, reach the unified technical scheme that to use the PIN code bankcard consumption in businessman.
Simultaneously, present stored value card comprises CPU card stored value card and ISO14443 agreement, the security of not using the thought of public cryptography to improve system.Do not provide after PSAM card and SAM card are cracked fully, after promptly depreciation function HX and increment function HZ divulged a secret, total system faced the problem of collapse.
Summary of the invention
Now, the security of stored value card is under attack, and the Mifare card is cracked and causes very big attention especially in the whole world.The assailant can read all information in the card, duplicates and forges, and this can solve with blacklist.But, and if the cipher function HX of hair fastener and HZ revealed, that assailant just can forge card, the blacklist method is with powerless.And deposit the HZ function the SAM module supplement the terminal with money, particularly deposit the popularizing of consumption terminal of SAM (PSAM) module of HX function, increased the disclosure risk of HZ and HX.Thinking at present in the key managing project of safe CPU card that exactly the divulge a secret risk of back system crash of cipher function HX and the HZ of hair fastener is arranged equally.So must address this problem.We can strengthen the security of existing system with the thought of public cryptography.
So, a kind of method that strengthens card safety, it comprises:
In the hair fastener stage, will block recognition data and carry out digital signature, and be stored in the data field of card;
Operational phase, the digital signature that reads the card recognition data and block recognition data; Relatively go up the consistance of a step data, confirm as intrasystem card when identical, proceed work, otherwise be not intrasystem card, quit work.
Better, the recognition data of card comprise ID number of card or (with) user profile of card or (with) card sending mechanism information etc.
Further, signature algorithm has encryption function.
All right, also comprise in the signed data other zones (or/and) key data of file.
Above card recognition data is exactly other data of phase region between the different cards, as: the sequence number of card (card number), ard issuers, holder.In a word, be exactly any two different cards, the different pieces of information that the identical data zone is formed.
In theory, the stored value card of present stored value card, particularly less radio-frequency only needs a storage area, promptly stores the zone of wallet balances.Certainly this zone can have two keys to protect, i.e. depreciation key and increment key.In order to increase the PIN code protection, there is the people to increase in addition a zone in addition and stores PIN code (perhaps it is with the form of salt).But add PIN code and can also adopt other modes; See patent application document (method of a ZL201010533245 symmetric cryptography authentication); Can store PIN code without the another one district fully, we can say that also stored value card can have only a district in essence: the wallet balances district.
Our method of invention is will be the wallet key, and particularly the depreciation key is stored in the card, so wallet card must have two districts: wallet balances district and data field.The wallet balances district is used to deposit the remaining sum of wallet, and the data field is used to deposit the key of wallet, can also deposit other information such as PIN code certainly.With Mifare card Bus Card is example, and we claim that whole M ifare card is a stored value card; In card, the piece (as the 4th) that is used for stored balance is the wallet balances district; The increment key in remaining sum district, depreciation key and other keys are called the wallet key; The zone (as the 12nd) of depositing the wallet key is called the data field, and the access control key in this district is called the data field key.
A kind of method that strengthens stored value card safety, it comprises: be divided into remaining sum district and data field in the stored value card; In the hair fastener stage, electronic purse balance amount district key is stored in the data field, in stored value card, storage user's PIN code; During use, card reader obtains user's PIN code, authentication PIN code, and obtain the wallet key from the stored value card data field, and card reader uses wallet key and stored value card to carry out authentication, operates accordingly after correctly.
Further, the stored value card data field also has key to carry out read-write protection.
Better, the stored value card key is that the mode with ciphering signature is stored in the data field, can obtain the wallet key so also will decipher just when using.The mode of ciphering signature is the primitive form that utilizes like RSA Algorithm, rather than uses the method to the informative abstract signature that generally adopts at present.Can utilize the function of the encipherment protection information of original RSA Algorithm like this.
Further; Stored value card key and stored value card sign are stored with the mode of ciphering signature jointly; The data that obtain from stored value card when using like this must be passed through deciphering just can obtain wallet key and stored value card sign, and also has the stored value card sign step consistent with the sign of this stored value card that obtains after the affirmation deciphering.
More safely, can adopt PIN code to adopt the mode of combining closely with identification data to store user's PIN code, the mode of combining closely is also used in corresponding PIN code authentication.The what is called mode of combining closely is exactly the method for describing among the embodiment 5.
Usually, can adopt with the mode of salt for PIN code and to store, the PIN code authentication also will adapt.
A kind of system that strengthens stored value card safety, it comprises: the electronic purse balance amount district is used to store the device of wallet balances; The stored value card data field is used to store the device of wallet balances district key; Card reader is used to read and write the device of stored value card data.During use, electronic purse balance amount district key is stored in the stored value card data field, also stores user's PIN code at stored value card; Card reader obtains user's PIN code, stored user authentication PIN code then, and obtain the wallet key from the stored value card data field, and card reader uses wallet key and electronic purse balance amount district to carry out authentication then, operates accordingly after correctly.
Further, also there is key read-write protection device the stored value card data field.
Further, also have decryption device in the card reader, be used to decipher the wallet key of storing with the ciphering signature mode.
More safely, also have the ID authentication device in the card reader, be used for comprising the wallet identification data that stored value card key and stored value card identification data obtain, compare authentication with the identification data of this card stored value card from deciphering.
Embodiment
[embodiment 1] card signature
In first kind of embodiment of the present invention, for identification card, a sign can be arranged all in card generally, for example the MifareS50 card has a globally unique sequence number.Certainly the hair fastener of application system also need write personal information, hair fastener unit information, hair fastener temporal information etc.These information also can become recognition data, are called ID, promptly distinguish the data of this card and other cards.
System select for use rivest, shamir, adelman RSA and key to (S1, S2); With the ID RSA that signsS1And be stored in the data area of card (ID).When use at the terminal, at first read the sign ID of this card and be stored in the ID signature RSA in the cardS1(ID), RSA is calculated at the terminalS2(RSAS1(ID)) obtain ID, and compare with the ID that reads.The validity of this card just can be confirmed in the terminal when consistent.
Through such processing, after the assailant attacks consumption terminal or supplements the terminal with money, obtains the consumption function HX or increment function HZ of stored value card or card system, also can not forge card.Because signed data RSAS1(ID) protected by private key S1.By the thought of public-key cryptography, the assailant thoroughly cracks the terminal and the SAM module obtains: consumption function HX, increment function HZ, RSA and S2, can not forge the card of other ID, because the assailant still can not calculate RSAS1(ID).Need to prove that RSA and S2 are also underground, only with than the S1 that is kept in the hair fastener company compare that S2 is kept in low relatively PSAM of security and the SAM card.Can improve the security and the validity of blacklist protection mechanism like this.
Below, in conjunction with stored value card, further narrate this technical scheme.
Simultaneously need not PIN code in order to solve card, and on non-trust terminal, need the unified technical scheme of PIN code that embodiment 2 is arranged at credit terminal
[embodiment 2] no name
Core of the present invention is to adopt depreciation key (consumption key) is stored in the stored value card, further provide again to protecting of depreciation (consumption key) method.When using stored value card, carry out different operating respectively according to credit gathering and the gathering of non-credit.Second kind of embodiment according to the present invention, a kind of method that strengthens stored value card safety, we can use Mifare S50 card to describe.
Every Mifare S50 card has a globally unique ID number and 16 memory blocks, is numbered 0~15.There are two passwords each memory block: increment password and depreciation password.When the depreciation cipher authentication through after can carry out depreciation operation to the data of memory block, when the increment password authentification through after can be to the operation of rising in value of the data of memory block.
Use the electronic purse system of Mifare card, comprise increment function HX, depreciation (consumption password) function HZ, enhancing function ZQ, electronic purse card sign ID, user's PIN code etc.We select zone 1 storage area as remaining sum in the stored value card.Zone 2 is the zone of storage depreciation key.
Like this, the increment password in zone 1 is HZ (ID); The depreciation password is HX (ID); The read-write password in zone 2 is for strengthening password ZQ (ID); HX (ID) and user's PIN code are stored in by in the zone 2 that strengthens password ZQ (ID) protection.
When credit terminal used, this also was the method for prior art read-write stored value card, and consumption terminal generally has depreciation (consumption password) function HX; Consumption terminal is at first read sign ID number of stored value card, and calculates HX (ID), carries out authentication with depreciation (consumption) key in HX (ID) and the stored value card, the operation of withholing accordingly when consistent; When on the terminal of card sending mechanism, rising in value operation, there is increment function HZ at this terminal; The terminal is at first read sign ID number of stored value card, and calculates HZ (ID), carries out authentication with HZ (ID) increment key, the operation of rising in value accordingly when consistent; Increment function HZ on the terminal can leave in the SAM card on the terminal, to guarantee the safety of this function.Certainly depreciation (consumption) function HX also can be stored on the PSAM card on the terminal and guarantee safety.
When on non-credit terminal, using, the user imports PIN code; Sign ID number of stored value card read at the terminal; And calculate ZQ (ID); 2 carry out authentication with ZQ (ID) with the zone, through after read HX (ID) and the PIN code that is stored in the zone 2, after the PIN code checking is passed through; Re-use HX (ID) and 1 carry out authentication with the zone, through after carry out the corresponding depreciation or the work of withholing.On the non-like this credit terminal, just need not store depreciation (consumption) function HX.
This scheme can realize that same stored value card can use on credit terminal and non-credit terminal.It is all consistent with existing method of application and inter-process flow process when credit terminal uses; But when on non-credit terminal, using, must import PIN code, reach the non-credit terminal of restriction " wireless " and use the potential safety hazard of bringing.For reaching the method for this security purpose, mainly be to adopt all to be put into the data area on the card to depreciation key and PIN code in present patent application, and should the zone with strengthening password ZQ (ID) protection.Possibly also have method more easily, but our this scheme can be implemented on the consumption terminal, in fact can not have the HX function, has protected the safety of HX function so to a great extent.
ID among this embodiment can be the card identification data also, and be not only sequence number.ID in following examples does not add explanation, is like this yet.For the CPU card, the mode of its management data is a file.File also can be provided with cryptographic key protection, also can be increment password and depreciation password.In a word, change the zone among the embodiment into file, just can be used for the description of CPU card basically.Key problem or security model are exactly; For the one group of data (being called zone or file) in the card; Can use increment sign indicating number, depreciation password and read-write password to protect, the core of this embodiment is exactly to be stored in these passwords and PIN code other data fields of card and to protect with other password.In addition, the PIN code of storage should be the data after the hash, and to increase the safety of PIN code, term is " with a salt ".In order to narrate conveniently, the protection of PIN code just has not been described in detail.
Because non-credit terminal is to be used by a large amount of medium and small businessmans, even through PSAM card protection ZQ function, also possibly attacked.Hoping safety to be placed on fully in the protection of PSAM card is not a best choice.
So, further, should encrypt HX (ID) and signature process.Here it is embodiment 3
[embodiment 3] signature
The third embodiment according to the present invention, a kind of method of safe electronic wallet, increment function HX, depreciation function HZ arranged here, strengthen function ZQ, stored value card sign ID, rivest, shamir, adelman RSA and key to (S1, S2), user's PIN code.We select zone 1 storage area as remaining sum in the stored value card.Zone 2 is the zone of storage depreciation key.
Like this, the increment password is HZ (ID); The consumption password is HX (ID); The enhancing password is ZQ (ID); Calculate RSAS1(ID, HX (ID)) also is stored in by in the zone that strengthens password ZQ (ID) protection with PIN code.
When credit terminal used, generally there was depreciation function HX at this terminal; The terminal is at first read sign ID number of stored value card, and calculates HX (ID), carries out authentication with the consumption key in HX (ID) and the stored value card, the operation of withholing accordingly when consistent; When on the terminal of card sending mechanism, rising in value operation, there is increment function HZ at this terminal; The terminal is at first read sign ID number of stored value card, and calculates HZ (ID), carries out authentication with the increment key in HZ (ID) and the stored value card, the operation of rising in value accordingly when consistent; Increment function HZ on the terminal possibly leave in the SAM card on the terminal, to guarantee the safety of this function.Certainly depreciation function HX also can be stored on the PSAM card on the terminal.
Rivest, shamir, adelman RSA and key S2 are arranged on the non-credit terminal and strengthen cipher function ZQ.During use, the user imports PIN code; The terminal is read sign ID number of stored value card, and calculates ZQ (ID); 2 carry out authentication with ZQ (ID) with the zone, through after read RSAS1(ID, HX (ID)) and PIN code calculate RSAS2(RSAS1(ID, HX (ID))) obtain ID and HX (ID) and PIN code, the PIN code checking is passed through, and this ID uses HX (ID) to carry out authentication with regional 1 with after the ID of card is consistent, through after the work of withholing accordingly.
RSA Algorithm, key S2 and ZQ can be stored on the PSAM card on the terminal.
[embodiment 4] signature+PSAM
The 4th kind of embodiment according to the present invention, a kind of method of safe electronic wallet is as shown in Figure 1.This is that a kind of inventor thinks more complete embodiment.In the figure, the publisher of card system confirms depreciation function HX, increment function HZ, strengthen function ZQ142, rivest, shamir, adelman RSA141 and key to (S1, S2), user's PIN code.Select zone 31 storage areas as remaining sum in the stored value card.Zone 32 is the zone of storage depreciation key.
In the hair fastener stage, carry out the individualized of card according to consumer's application, other necessary information of storage on card; And confirm that zone 31 is the remaining sum storage area of stored value card.Read the sign ID of card, calculate increment password HZ (ID), depreciation password HX (ID) and be regional 31 protection key, deposit in wallet region keys district 311; Strengthening password ZQ (ID) is the protection key of storage area 32, deposits in storage area 32 key districts 321; Calculate RSAS1(ID, HX (ID)) also is stored in by in the storage area 32 that strengthens password ZQ (ID) protection with PIN code.In the SAM card on the terminal 1 (non-trust terminal), storing RSA Algorithm and S2 is RSA engine 141, ZQ function 142.
When 5 (credit terminals) used at the terminal, the depreciation function HX521 at this terminal left in the SAM module 52; Terminal 5 is at first read sign ID number of stored value card 3 through connecting 4, and is sent to SAM module 52; SAM module 52 calculates HX (ID), carries out authentication with the zone 31 of the wallet in HX (ID) and the stored value card 3 according to the key of wallet region keys district 311 storages, through after the operation of withholing accordingly.When rising in value operation on the terminal 5, the increment function HZ522 at this terminal leaves in the SAM module 52; The terminal is at first read sign ID number of stored value card, and is sent to SAM module 52; SAM module 52 calculates HZ (ID), carries out authentication according to the key that wallet region keys district 311 stores, the operation of rising in value accordingly when consistent with HZ (ID) with the stored value card zone 31 in the stored value card 3.
In the SAM module 14 on the terminal 1 (non-trust terminal), it is RSA engine 131 and enhancing function ZQ142 that rivest, shamir, adelman RSA and key S2 are arranged.During use, after the terminal 1 acquisition amount of money and user imported PIN code, sign ID number of stored value card 3 read at terminal 1, is sent to terminal 1 and is sent to SAM module 14; SAM module 14 calculates ZQ (ID); SAM module 14 usefulness ZQ (ID) and storage area 32 are through terminal 1 and be connected 2 and carry out authentication according to the key that is stored in storage area 32 key districts, 321 storages, through after read the RSA that is stored in the storage area 32S1(ID, HX (ID)) calculates RSA with the RSA engine in the SAM module 14 141 thenS2(RSAS1(ID; HX (ID))) obtain ID and HX (ID) and PIN code, PIN code checking is passed through, and relatively this ID is with after the ID of card is consistent; Use HX (ID) and wallet zone 31 through terminal 1 and be connected 2 keys stored according to wallet region keys district 311 and carry out authentication, through after the work of withholing accordingly.Obviously all appear at terminal 1 and the data that connect on 2 can be passed through encryption.
In fact, can connect PIN code more closely with the ZQ function, be exactly embodiment 5
[embodiment 5] signature+PIN+PSAM
The 5th kind of embodiment according to the present invention, a kind of method of safe electronic wallet is as shown in Figure 1.This is that a kind of inventor thinks reasonable embodiment.In the figure, the publisher of card confirms depreciation function HX, increment function HZ, strengthen function ZQ, rivest, shamir, adelman RSA and key to (S1, S2), user's PIN code.Select zone 31 storage areas as remaining sum in the stored value card.Zone 32 is the zone of storage depreciation key.
In the hair fastener stage, carry out the individualized of card according to consumer's application, other necessary information of storage on card; And confirm that zone 31 is the remaining sum storage area of stored value card.Read the sign ID of card, calculate increment password HZ (ID), depreciation password HX (ID) and be regional 31 protection key, deposit in wallet region keys district 311; Read user's PIN code, (ID is the protection key of storage area 32 PIN), deposits in storage area 32 key districts 321 to calculate enhancing password ZQ; Calculate RSAS1(ID, HX (ID)) also is stored in that (ID is PIN) in the zone 32 of protection by strengthening password ZQ.In SAM module 14 cards on the terminal 1, storing RSA Algorithm and S2 is RSA engine 141, ZQ function.
When 5 (credit terminals) used at the terminal, the depreciation function HX521 at this terminal left in the SAM module 52; Sign ID number of stored value card 3 at first read through connecting 4 in terminal 5; Be sent in the SAM module 52; SAM module 52 calculates HX (ID); Carry out authentication with the zone 31 of the wallet in HX (ID) and the stored value card 3 according to the key of wallet region keys district 311 storages, through after the operation of withholing accordingly; When rising in value operation on the terminal 5, the depreciation function HZ522 at this terminal leaves in the SAM module 52; Sign ID number of stored value card at first read at the terminal, is sent in the SAM module 52; SAM module 52 calculates HZ (ID), carries out authentication according to the key that wallet region keys district 311 stores, the operation of rising in value accordingly when consistent with HZ (ID) with the stored value card zone 31 in the stored value card 3.(read signature numeral, after HX and HZ function are divulged a secret or cracked, can prevent to produce in batches pseudo-card)
In the SAM module 14 on the terminal 1 (non-credit terminal), it is RSA engine 131 and enhancing function ZQ142 that rivest, shamir, adelman RSA and key S2 are arranged.During use, terminal 1 obtains the amount of money and with after producing the input PIN code, sign ID number of stored value card 3 read at terminal 1, is sent to terminal 1 and is sent to SAM module 14; SAM module 14 calculate ZQ (ID, PIN); With ZQ (ID, PIN) with zone 2 through terminal 1 and be connected 2 and carry out authentication according to the key that is stored in the storage of storage area 32 key districts 321, through after read the RSA that is stored in the zone 2S1(ID, HX (ID)), SAM module 14 is calculated RSA thenS2(RSAS1(ID, HX (ID))) obtain ID and HX (ID), relatively this ID is with after the ID of card is consistent, uses HX (ID) and wallet zone 31 through terminal 1 and be connected 2 keys stored according to wallet region keys district 311 and carry out authentication, through after the work of withholing accordingly.Obviously all appear at terminal 1 and the data that connect on 2 can be passed through encryption.
Different with embodiment 4; Here directly be not put into zone 2 to PIN code; But the patent that adopts the inventor to apply for is seen patent application document (method of a ZL201010533245 symmetric cryptography authentication), guarantees the safety in zone 32 as the PIN code control mode.After enhancing function ZQ divulges a secret or is cracked, there is not PIN code can not obtain RSA like thisS1(ID, HX (ID)), the further like this safety of protecting HX (ID).
What special declaration used in an embodiment is that RSA represents rivest, shamir, adelman, does not represent and can only use RSA Algorithm.Just require this rivest, shamir, adelman that two different keys are arranged, i.e. encryption key S1 and decruption key S2; Know that decruption key is difficult to obtain encryption key.Decruption key generally claims to become privacy key to encryption key S1, and decruption key S2 is called public-key cryptography, claims on the contrary that perhaps S1 is a public-key cryptography, and S2 is a privacy key.But in the present invention, we use S1 to do the usefulness of signature, and the while can also be utilized its encryption function.S2 is stored in the consumption terminal; Its effect can be verified when whether the ID of this card is signed by S1 exactly; Can also protect the HX key data of being signed, can prevent to forge card like this and reuse the ID card of having signed name, can solve through blacklist for ID card out of joint.Utilize the encryption function of S1 simultaneously, can also guarantee ID number and corresponding to the safety of this ID number consumption key.So signature does not preferably use common digital digest technology, but directly use bear the signature the again cipher system of function of this existing encryption function of RSA.
S2 is commonly referred to as public-key cryptography, but is not to disclose this key in the present invention; Even should all be placed on algorithm RSA and decruption key S2 in the PSAM card of read-write terminal, to guarantee safety.
More than with embodiment method and system of the present invention is described.But the present invention also not exclusively is defined for stored value card, particularly is not restricted to the stored value card of radio-frequency card medium.Can not stored value card also, but be electronic bankbook.Although invention has been described in above embodiment, the description that is appreciated that above embodiment is an illustrative and descriptive, and nonrestrictive.It will be apparent to those skilled in the art that under the prerequisite that does not break away from the spirit and scope of the present invention that define by claims, can make various distortion, improvement, modification and replacement.Claims have been explained protection scope of the present invention.